Wireguard service wg-quick@wg0 fails; diagnosis indicates that port 8095 is not open

My YunoHost server

Hardware: VPS bought online
YunoHost version: (stable).
I have access to my server : Through SSH and through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If your request is related to an app, specify its name and version: WireGuard 0.6.2~ynh1

Description of my issue

Hello, I have installed Wireguard on my VPS. When I run diagnosis I see two issues related to this application:

  1. Port 8095 is not reachable from outside. However when I check using ‘sudo yunohost firewall list’ it lists this port as one of the open ports.

  2. Service wg-quick@wg0 is failed :frowning: * You can try to restart the service, and if it doesn’t work, have a look at the service logs in the webadmin (from the command line, you can do this with yunohost service restart wg-quick@wg0 and yunohost service log wg-quick@wg0).

These are the logs in my attempt to start wg-quick@wg0 hastebin

A couple of years ago I ran into the same problem : WireGuard service wg-quick@wg0 is failed, and diagnosis (falsely?) indicates that port 8095 is not open . At that point I got discouraged by the highly technical nature of the application. After two years I feel that I should give it another try:)

What should I do to resolve these issues? Where should I begin?

You can still ignore the port opening issue.

It looks like you are still facing the same issue as two years ago. Something I did not suggest then: sudo modprobe wireguard

Then try restarting the service if no error arose.

1 Like

Thanks! I get the following message as the output :

modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.19.0-16-amd64

And following what you asked me to do last time, I also tried sudo dkms status. It does not return any output this time.

Can you share the WireGuard installation log?

In the meantime, try sudo apt install wireguard.

Here’s my WireGuard installation log:


This is what I get when I attempt to run sudo apt install wireguard:

sudo apt install wireguard
[sudo] password for admin: 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
wireguard is already the newest version (1.0.20210223-1).
wireguard set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

WireGuard has been integrated in the Linux kernel since its version 5.6. Is it possible for you to upgrade it? (You are on version 4.19.0)

1 Like

I checked for System Updates, and there was an update for yunohost. I installed it. And there were no new updates for WireGuard. I still could not start wg-quick@wg0.

I am now on YunoHost11.2.10.3 (stable). Should I upgrade to a newer version of the Linux kernel outside of YunoHost, manually?

If it it known to require modifying / upgrading stuff - specially the Linux kernel - outside of YunoHost (and Debian.), I am happy to resign to the fact that I cannot run WireGuard :slight_smile:

I am not savvy enough to tinker with the operating system.

You might need to check with your VPS provider documentation to see if and how you can upgrade it.

If it’s not possible, WireGuard can also be installed with sudo apt install wireguard-dkms linux-headers-$(uname -r). A reboot might be needed.

1 Like

I will try to do a test installation of YunoHost somewhere else, make the modifications you recommend and get back to this thread.

But, by any chance, does this mean that YunoHost currently cannot run WireGuard? That you’ll need to modify the Linux Kernel to be able to run it? If that is the case, is it not better to remove it from the application catalogue, or provide specific instructions / warnings about it?

It is not YunoHost’s fault if your server runs an old-ish kernel version. I’ll add a pre-install warning about this though… actually there might be a way to install the right packages. I’ll come back with something to test.

1 Like

Thanks very much for looking into it.

The reason I asked that question was because, if I install Debian 11, update it to make sure it is current, and then install YunoHost on top of it and keep the server up to date, I would naturally assume that I am running what everyone else is using. And if I have an older kernel everyone else is likely to have the same issue. That was the logic I was following :slight_smile:

1 Like

Can you try upgrading to this?

sudo yunohost app upgrade wireguard_client -u https://github.com/YunoHost-Apps/wireguard_client_ynh/tree/old-kernels -F

You might still need to restart your server.

1 Like

I tried it:

sudo yunohost app upgrade wireguard_client -u https://github.com/YunoHost-Apps/wireguard_client_ynh/tree/old-kernels -F
[sudo] password for admin: 
Error: Could not find wireguard_client in the list of installed apps: 
 * cryptpad
 * wireguard

To be able to use WireGuard, should I install both applications WireGuard and WireGuard client? If that is so, I can try installing it from the web interface.

Erf sorry no, I forgot we were talking about WireGuard and not WireGuard client:

sudo yunohost app upgrade wireguard -u https://github.com/YunoHost-Apps/wireguard_ynh/tree/old-kernels -F

1 Like

Did it work @elgee?

1 Like

I couldn’t make up my mind to go ahead with it because I started debating with myself about reinstalling the server. The information that it runs an older kernel was a bit of a shock. It shouldn’t have been the case. Something may have gone wrong at some point.

I am most likely to redo the server at some point soon. And then install WireGuard on top of it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.